
Ransomware targets Mac users

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 18 Jul 2013

A new strain of FBI-themed ransomware is targeting Apple users. The malware hijacks victims' browsers, and demands $300 to release control of the Safari application.

Ransomware, or cryptoviral extortion, is a class of malware that restricts users' access to their computer systems, and demands a ransom be paid to the malware author to restore control to the victim.

In this case, a warning, purportedly from the FBI, informs the user: "You have been viewing or prohibited pornographic content. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300."

Ransomware has plagued Windows users for many years. According to Malwarebytes, cyber criminals are now becoming aware of the growing market of Apple consumers who, on the whole, are lackadaisical about Internet security.

In addition, through clever social engineering, malware authors are achieving huge success, by playing on users' fears that they have been caught doing something illegal, wrong or shameful.

Instead of starting from scratch, ransomware authors have 'ported' the latest ransomware to OS X, by leveraging the browser and its 'restore from crash' feature, as opposed to some complicated exploit.

Users are being infected with the ransomware through drive-by downloads, particularly when they search for popular keywords.

This attack uses a URL - fbi.gov.id657546456-3999456674.k8381.com - to fool users as to its legitimacy. Popular site The Hacker News says users who ignore the warning message cannot get rid of the page, and repeated attempts to close it are futile, as even the 'Leave Page' browser trick doesn't work.

Force-quitting the application results in the same ransomware page coming back the next time the browser is opened, because the 'restore from crash' feature reloads the last URL the user visited before the browser was suddenly quit.

To fix the problem and avoid paying the ransom, users are advised to click on the browser menu and select 'Reset Safari'.
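
The hostname quoted above starts with fbi.gov, but hostnames are owned from the right-hand end, so the page is served from k8381.com. The following added example (not part of the original article) is a label-aligned check a defender could run over proxy or DNS logs to flag such hosts; the trusted list and every sample host other than the one from the article are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation treats as genuine.
TRUSTED = ("fbi.gov",)

# Constructed sample input; only the first host comes from the article.
SAMPLE_HOSTS = [
    "http://fbi.gov.id657546456-3999456674.k8381.com/",
    "https://www.fbi.gov/wanted",
    "http://notfbi.gov.example/",
]

def hostname_of(value):
    """Return the lower-cased hostname from a URL or a bare host string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # make urlsplit treat a bare host as netloc
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()   # drop the optional trailing root dot

def classify_host(value, trusted=TRUSTED):
    """Classify a host as 'trusted', 'lookalike' or 'unrelated'.

    trusted   - the host is a trusted domain or a subdomain of one
    lookalike - a trusted domain appears as whole labels on the left or in
                the middle, but the host ends in some other domain
    unrelated - no trusted domain appears as whole labels anywhere
    """
    labels = hostname_of(value).split(".")
    wanted = [d.lower().split(".") for d in trusted]
    # The rightmost labels decide who controls the name.
    if any(labels[-len(d):] == d for d in wanted):
        return "trusted"
    for d in wanted:
        n = len(d)
        # Slide over windows that do not reach the right-hand end.
        for i in range(len(labels) - n):
            if labels[i:i + n] == d:
                return "lookalike"
    return "unrelated"

def flag_lookalikes(values, trusted=TRUSTED):
    """Return the hostnames in `values` that imitate a trusted domain."""
    return [hostname_of(v) for v in values
            if classify_host(v, trusted) == "lookalike"]

if __name__ == "__main__":
    for host in flag_lookalikes(SAMPLE_HOSTS):
        print("lookalike host:", host)
```

Comparing whole labels rather than substrings keeps a host such as notfbi.gov.example out of the lookalike bucket while still catching fbi.gov used as a prefix.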
